> Wolfgang Bumiller <w.bumil...@proxmox.com> hat am 17.11.2023 11:00 CET
> geschrieben:
>
>
> On Thu, Nov 16, 2023 at 04:31:25PM +0100, Fabian Grünbichler wrote:
> > with ACLs being inherited along the pool hierarchy.
> >
> > Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> > ---
> > src/PVE/AccessControl.pm | 10 ++++++++--
> > src/test/perm-test6.pl | 16 ++++++++++++++++
> > src/test/test6.cfg | 5 +++++
> > 3 files changed, 29 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
> > index 9600e59..d9ae611 100644
> > --- a/src/PVE/AccessControl.pm
> > +++ b/src/PVE/AccessControl.pm
> > @@ -1264,7 +1264,7 @@ sub check_path {
> > |/nodes
> > |/nodes/[[:alnum:]\.\-\_]+
> > |/pool
> > - |/pool/[[:alnum:]\.\-\_]+
> > + |/pool/(:?[[:alnum:]\.\-\_]+\/?)+
>
> Should we incorporate the 3 level limit here?
> eg. [chars]+(?:/[chars]+){0,2}
> Although regex would differ from the one used below (although it could
> use the same with only the `{0,2}` bit removed...).
well, there is no harm in accepting a sub-ACL path that has no effect. we
usually have the opposite issue (forgetting to add/extending the entries here),
but I also don't mind adding it here and a reminder comment below where the
limit is enforced for the config/parameter values.
> > |/sdn
> > |/sdn/controllers
> > |/sdn/controllers/[[:alnum:]\_\-]+
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
